Answered: [Security threat] tags are not sanitized in extra question field

Post date: 2020-07-01 00:44:51
Views: 215

Hey q2apro, I think you are testing the default q_view_extra($q_view) function.

The default function is still safe. But if you pull the content from the database, it's not safe.

First, look! The script is stored in the database.

(screenshot: database)

Second, if you create a function to pull that content from the database:

public function q_item_extra($q_item)
{
    $postidz = $q_item['raw']['postid'];

    // Reads the stored extra-field value straight out of ^postmetas.
    $extra = qa_db_read_one_value(qa_db_query_sub(
        'SELECT content FROM ^postmetas WHERE title="qa_q_extra" AND postid=#',
        $postidz
    ), true);

    //$extra = $q_item['extra']['content'];

    // Outputs the raw database value without escaping it, so any script
    // stored in the field is rendered as-is.
    $this->output('My info:' . $extra);
}

Here's the result:

(screenshot: test)

I hope you'll get my point.
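The point of the answer above, as an added example that is not code from the original post or from the Question2Answer project: the stored value is harmless until it is concatenated into HTML unescaped. The attacker string is a constructed sample of what the "qa_q_extra" row can hold, escapeHtml() is a stand-in for Q2A's qa_html() (which wraps htmlspecialchars()), and the function names are illustrative.

```php
<?php
// Added example, not from the original answer or the Question2Answer project.
// Shows the unsafe output step from the posted q_item_extra() next to the
// escaped version, using a constructed stored value.

// Constructed sample: what an attacker typed into the extra question field
// and what a later SELECT on ^postmetas (title = "qa_q_extra") hands back.
const STORED_EXTRA = '<script>alert(document.cookie)</script>';

// Rough stand-in for Q2A's qa_html(): escape the HTML metacharacters.
function escapeHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Vulnerable: mirrors the posted code. The DB value goes into the page as-is,
// so the browser parses the stored <script> tag and runs it (stored XSS).
function renderExtraUnsafe(string $extra): string
{
    return 'My info:' . $extra;
}

// Hardened: escape at the output boundary. Same bytes, now shown as text.
// In a Q2A theme or layer the equivalent one-line fix is
//   $this->output('My info:' . qa_html($extra));
function renderExtraSafe(string $extra): string
{
    return 'My info:' . escapeHtml($extra);
}

// Check used below: does the rendered fragment still contain a live script tag?
function containsScriptTag(string $html): bool
{
    return stripos($html, '<script') !== false;
}

$unsafe = renderExtraUnsafe(STORED_EXTRA);
$safe   = renderExtraSafe(STORED_EXTRA);

echo "Unsafe: $unsafe\n";
echo "Safe:   $safe\n";

if (!containsScriptTag($unsafe)) {
    fwrite(STDERR, "expected the unsafe output to carry the script tag\n");
    exit(1);
}
if (containsScriptTag($safe)) {
    fwrite(STDERR, "expected the escaped output to neutralise the script tag\n");
    exit(1);
}
echo "ok: escaping at output removes the stored XSS\n";
```

Run it with php on the command line. The unsafe line prints the script tag intact; the safe line prints &lt;script&gt;... so the browser would display it as text. If the extra field is meant to carry real HTML rather than plain text, escaping is the wrong tool and the value needs an HTML sanitiser at storage or output time instead (Q2A ships qa_sanitize_html() for that), but for a free-text field qa_html() at the point of output is the fix.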
